Last Month in Cyber – Issue 29

Share This Post:

We keep an eye on what’s happening in the cybersecurity world so you don’t have to. Here’s a recap of what we considered the highlights from last month.

According to CMMC director Stacy Bostjanick, DOD Program Managers will be the ones requesting waivers from the SAE prior to RFP release. The waivers will be determined based on the needs of acquisition officials for specific contracts, not the qualifications of a company bidding for contract selection. Contractors reportedly won’t be involved in getting waivers, just in pursuing certification in time in the event that they do get them.
These authorities assessed that, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities.
Reference CISA Alert (AA22-117A) for the full report.
 
US, Australian, Canadian, New Zealand, and UK cybersecurity authorities collaborated to produce an advisory that provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
These authorities assessed that, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities.
Reference CISA Alert (AA22-117A) for the full report.
 
 
Threatpost just released an insightful deep dive on protecting against container threats in the cloud. As containers are used by more and more organizations, it’s important to understand the unique security challenges they present and the increased interest of cybercriminals in how to exploit them.
 

More from the blog

Learn More About Upcoming Events